We caught it at a bad time. It was in the process of installing another set of Vundo trojans.
We'll have to run the fix again for the 2nd set.
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
Reboot your computer into Safe Mode.
Restart your computer and continually tap the F8 key until a menu appears.
Use your up arrow key to highlight Safe Mode then hit enter.
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
Once in Safe Mode, open the VundoFix folder and double-click on KillVundo.bat
At the introductory screen, press <Enter> to proceed.
When asked to type in a filepath, please key this in:
- C:\WINDOWS\system32\geedb.dll
Press Enter to continue with the fix.
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
Next you will be asked to type in a second filepath.
At this point please type the following file path (make sure to enter it exactly as below!):
- C:\WINDOWS\system32\bdeeg.* <- the asterisk * is part of the filepath
Press Enter to continue with the fix.
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
The fix should then automatically launch HijackThis. (if it doesn't, you'll have to do it manually)
In HijackThis, please place a check next to the following items and click FIX CHECKED:
- O2 - BHO: MSEvents Object - {FC148228-87E1-4D00-AC06-58DCAA52A4D1} - C:\WINDOWS\system32\geedb.dll
- O20 - Winlogon Notify: geedb - C:\WINDOWS\system32\geedb.dll
- O20 - Winlogon Notify: jkhhh - jkhhh.dll (file missing)
After you have fixed these items, close HijackThis and reboot your computer.
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
Once your machine reboots, run CleanUp using the previous settings.
Run another Panda scan and then post a HJT log.
You needn't do a complete scan of your machine.
When you get to the part where you click 'My Computer', choose 'Other Media'.
Just direct Panda to scan this folder -
C:\Windows\System32\
__________________
Question - what have you done for the community today?
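
A follow-up HJT log can be checked against the entries fixed above with a short script. This is an added example, not part of the original post and not code from HijackThis or VundoFix; the function names, the two extra sample lines and both heuristics are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: the three entries from the post plus two made-up lines.
SAMPLE_LOG = r"""
O2 - BHO: MSEvents Object - {FC148228-87E1-4D00-AC06-58DCAA52A4D1} - C:\WINDOWS\system32\geedb.dll
O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000000} - C:\Program Files\Example\helper.dll
O20 - Winlogon Notify: geedb - C:\WINDOWS\system32\geedb.dll
O20 - Winlogon Notify: jkhhh - jkhhh.dll (file missing)
O4 - HKLM\..\Run: [Example] C:\Program Files\Example\example.exe
"""

# O2 lines carry a CLSID between the name and the path; O20 lines do not.
ENTRY = re.compile(
    r"^(?P<section>O2|O20) - (?:BHO|Winlogon Notify): (?P<name>.*?) - "
    r"(?:\{[0-9A-Fa-f-]+\} - )?(?P<path>.+?)(?P<missing> \(file missing\))?$"
)

def parse_entries(log_text):
    """Return one dict per O2 (BHO) or O20 (Winlogon Notify) line."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.append({
                "section": m["section"],
                "name": m["name"],
                "dll": m["path"].rsplit("\\", 1)[-1].lower(),
                "missing": m["missing"] is not None,
            })
    return entries

def still_present(log_text, fixed_dlls):
    """DLLs from the fix list that a follow-up log still references."""
    seen = {e["dll"] for e in parse_entries(log_text)}
    return sorted(seen & {d.lower() for d in fixed_dlls})

def review(log_text):
    """Map DLL name -> reasons to look closer (heuristics taken from this post)."""
    sections, reasons = defaultdict(set), defaultdict(set)
    for e in parse_entries(log_text):
        sections[e["dll"]].add(e["section"])
        if e["missing"]:
            reasons[e["dll"]].add("orphaned entry (file missing)")
    for dll, secs in sections.items():
        if secs == {"O2", "O20"}:
            reasons[dll].add("same DLL is both a BHO and a Winlogon Notify package")
    return {dll: sorted(r) for dll, r in reasons.items()}
```

Calling `still_present(new_log, ["geedb.dll", "jkhhh.dll"])` on the log taken after the reboot should return an empty list if the fix held.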